CVE-2022-22364

Published: May 3, 2024Modified: Jan 7, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903.

Affected (3)

Products: Ibm: Cognos Controller

1 product

Cognos Controller

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Cognos Controller	Version 10.4.1
Ibm Cognos Controller	Version 10.4.2
Ibm Cognos Controller	Version 11.0.0

Related CWEs

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Reliance on Reverse DNS Resolution for a Security-Critical Action

The product performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly ensure that the IP address is truly associated with the hostname.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/220903

Source: psirt@us.ibm.com

Vendor Advisory

https://www.ibm.com/support/pages/node/7149876

Source: psirt@us.ibm.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/220903

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.ibm.com/support/pages/node/7149876

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.